Groups Clash Over Hotmail Spam Filters

Anti-spam activists Friday came to the defense of MSN Hotmail, after Microsoft's Web-based
e-mail service was criticized for the unauthorized blocking of some outgoing
as well as incoming messages in its fight against junk email.

But Hotmail is accused of being too heavy-handed in its use of the RBL by
Peacefire, an anti-censorship site.
Peacefire founder Bennett Haselton issued a press release Thursday
announcing his discovery that Hotmail users have been unable to send or
receive email to or from Peacefire for the past five months -- ever since
its Web hosting firm, Massachusetts-based Media3 Technologies, had over 1,500 of its
IP addresses, including Peacefire's, placed on the MAPS blacklist.

Media3 earned a place on the RBL in June because, according to MAPS, it
hosts a number of companies that sell software for sending junk email.
Media3 sued MAPS in December to get its block of IP addresses removed from
the RBL. The lawsuit is still pending.

According to Peacefire's Haselton, the Hotmail incident illustrates that the
RBL is doing more harm than good.

"Most people would rather delete nine junk emails than have one legitimate
email get lost. Fighting spam is not the be-all end-all of the Internet,"
said Haselton, who reports that dozens of upset Hotmail users have contacted
him after learning about the blockade. Some threatened to switch to a new
Web-mail provider.

But some anti-spam activists Friday accused Peacefire of intentionally
putting itself in the line of fire between Media3 and MAPS. Steve Linford,
co-owner of the London-based Web design and hosting firm Ultradesign and operator of the Spamhaus Project, said Haselton was well
aware that Media3 is considered the Internet's biggest spam
service host, and that by staying with the ISP, Haselton is falsely trying
to paint himself as an unwitting victim of the spam wars.

"People have offered Peacefire alternative hosting for free, and Media3
could move Peacefire in under three minutes by changing their DNS. But
Bennett won't do that," said Linford, who noted that the Peacefire site was
placed into the group of blacklisted Media3 IP addresses after MAPS added
the company to the RBL.

Joe Hayes, Media3 co-owner, confirmed Friday that Haselton had not asked to
be moved out of the blocked IP range. But Hayes said that's because such a
move would disrupt the Peacefire site.

"If he wants to be moved off that machine we'll certainly accommodate him.
But I don't think he's purposely staying there because he wants to make this
an agenda. If there was spam on our network, he'd be the first to complain
because he doesn't believe in spam," said Hayes.

According to Hayes, Media3 has a tough acceptable use policy and
kicks companies off its network all the time for sending spam. But Hayes
said his clients who sell bulk emailing software are not violating those
terms.

"We don't have a billboard on our site that says, 'If you spam, come here.'
Our AUP forbids it. Every hosting company has customers who send out spam.
It's how you react to it. If I get complaints, there's justification for
removing the accounts," said Hayes.

"I'm disappointed that Peacefire, which has a long history of coming up with
responsible technical ways to get around blocking software that they don't
agree with, hasn't taken simple technical means to get around this
accidental block at MAPS. I see no advantage to Bennett to continue claiming
he's a victim by being associated with spamware vendors with whom he has no
sympathy," said Levine.

While most ISPs use the RBL to block incoming connections to their mail
servers from blacklisted IP addresses, it appears that Hotmail may have gone
further and was using a router-based option MAPS calls BGP mode. Under that
system, Hotmail users were prevented not only from receiving email from
blacklisted sites, but also from sending messages to them. Hotmail officials
were not immediately available for comment.

According to Haselton, after he complained Hotmail eventually enabled its
subscribers to send mail to @peacefire.org addresses, although the outgoing
block on other blacklisted IPs is still in place.

Hayes of Media3 said incidents like the one at Hotmail will cause support
for MAPS among ISPs to erode, as they realize the anti-spam service is
holding companies hostage.

"If people look at the whole story, they will really begin to understand
that MAPS is testing the waters out there to see how much they can get away
with, and they don't care who they hurt in the process," said Hayes.

Linford noted that ISPs are entitled to use the RBL however they see fit,
but he conceded that he would be reluctant to block his users' outgoing
mail. But Linford said Hotmail has an unusual spam problem, which required
it to take unusual steps to protect its users.

"It all sounds terrible -- if I were an ordinary user reading that MAPS was
binning my email, I'd be livid. But on the other hand, nobody wants spam.
And the vast majority of Hotmail users would be thankful, because everyone
has been screaming at Hotmail to stop the spam."

News sites mistakenly blocked by filters, study says

Web sites sponsored by Amnesty International in the United States and
around the world are routinely blocked by the kinds of Internet filters
some politicians want to require in all libraries and schools, according to
a new study.

The nonprofit organization that sponsored the report, Peacefire.org, is itself being blocked
by a group of Internet service providers.

The study suggests that news and information sites like that of Amnesty International are often blocked
by Internet filters that search for words like "death" (as in death
penalty), "kill" (soldiers allegedly killed civilians) and "sex" (officials
investigate sex crimes). Peacefire says this proves Internet filtering
companies do not visually examine suspect Web sites before "blacklisting"
them, as is often claimed.

For instance, the report describes one news page on the
main Amnesty.org site that is blocked by Cybersitter as "sexually explicit."
Peacefire analysis shows that the filtering software blocked such articles
because they contained the phrase "at least 21."

The sentence that triggered the filter's block of the site? "Reports of
shootings in Irian Jaya bring to at least 21 the number of people in
Indonesia and East Timor killed or wounded."

In another example, the entire Amnesty International site in Israel was
blocked by Cyber Patrol,
according to the study.

The Peacefire report cites dozens of other Amnesty International-related
sites that were blocked by Internet filters.

Peacefire decided to test several blocking programs using a list of Amnesty
International sites because numerous students complained that filters kept
them from completing school projects.

Brian Milburn, president of Solid Oak Software, the maker of Cybersitter,
said, "There's always going to be instances where sites are going to be
excluded accidentally." He said a human being reviews individual sites if
people report them to the company.

Several politicians in the United States and in other countries have
pressed for requirements that libraries and schools use filtering software.
These requirements are usually supported by the makers of the software,
some of whom have given congressional testimony that all blocked sites are first
reviewed by a human being.

Peacefire, however, says filtering programs often block more news sites
than sexually oriented sites. In a study released last October,
the group tested five blocking programs. Peacefire found that different
programs had "error rates" ranging from 20 percent to 80 percent, blocking
sites that were not seen as offensive.

Ironically, many Internet users cannot find Peacefire in their Web
browsers. That is because the site is the mistaken target of a "black hole"
list, according to Peacefire's Webmaster, Bennett Haselton.

The Realtime Blackhole List (RBL)
recently placed a block on hundreds of sites at the Web hosting service
used by Peacefire.

The RBL is blocking all of these sites because one site sells email
automation software that has legitimate uses but could also be used to send
"spam," or unsolicited email. To put more pressure on such a site, the RBL
simultaneously blocks hundreds of unrelated, innocent sites that, by
coincidence, have the same Web host as the site that the RBL dislikes.

The RBL has been criticized by legal experts and sued
numerous times. But many Internet communications carriers--including
AboveNet, Connectnet and Internet Texoma--still use it to restrict Internet
users' access to any sites placed on the list.

Paul Vixie, founder of the RBL and senior vice president of AboveNet's
parent company, declined to comment.

Haselton hopes other sites will spread the word that Peacefire has not
disappeared. If the block is removed, people whose Internet service happens
to pass through carriers that use the RBL may someday have a chance to see
Peacefire's report on the dangers of filtering.

Important Information for HotMail Users

If you tried to send email to Peacefire.org from a HotMail
account between August 2000 and January 2001, HotMail may
have blocked your email from reaching us.
The "Returned Mail" message would have looked
like this, saying that
our server could not be contacted. HotMail has confirmed
that they were actually blocking it on their end. You
can now re-send your message to
bennett@peacefire.org
if you think it may have been blocked.

HotMail subscribes to a "boycott list" of sites called the
"Realtime Blackhole List" (RBL), maintained
by a group called
"MAPS"; the list
includes some spammers, but some ISP's are
targeted for boycotting even if they don't allow spam,
if MAPS believes they are "contributing
to the spam problem". Our hosting company,
Media3, prohibits
hosted sites from spamming, but has no restrictions on the
legal content of sites that are hosted, so a group of
Media3's IP addresses are on the boycott list for selling
bulk email
software or consulting
services to spammers. (We asked MAPS to remove our
address from the list since we didn't have any involvement
with those sites, but they declined,
suggesting that we move to another ISP.)

We don't know if HotMail was participating in the boycott voluntarily,
or if MAPS had led them to believe the boycott list was actually a
"list of known spammers" (in which case HotMail could have been using
the RBL thinking that it was intended to be an accurate spam filter).
This is apparently a widespread
misconception about the RBL (the
MAPS RBL Web page
strongly implies this,
with statements like, "We are a method to identify likely spam origin").

Media3
did complain to HotMail,
and HotMail agreed to stop blocking their users from emailing
Media3-hosted sites. However, for a brief period,
HotMail continued to block mail
from being sent to other sites on the boycott list. Recently
we tried sending mail to some other blacklisted sites from
HotMail, and the emails did not generate "Returned Mail" error
messages, so we don't know
if HotMail is still blocking outgoing mail or not.

Delivered-To: bhaselton@mail-sttl.uswest.net
Date: Mon, 11 Dec 2000 17:10:44 -0800
From: "Kelly Thompson" <kelly@mail-abuse.org>
To: "Nick Popoff" <nick@bloodletting.com>, "Lindsay Haisley" <fmouse@fmp.com>
Cc: "Bennett Haselton" <bennett@peacefire.org>
X-Sender: kelly@127.0.0.1 (Unverified)
X-Mailer: QUALCOMM Windows Eudora Version 5.0
Subject: Re: finding all IP addresses that go through above.net?
At 04:55 PM 12/11/2000 -0800, Nick Popoff wrote:
>Hi Kelly, I spoke with you on the phone a short time ago. It would help
>if you could answer the question below. Would it be possible to
>selectively unblock peacefire.org (209.211.253.169)?
>
>On Mon, 11 Dec 2000, Lindsay Haisley wrote:
> > Technically, they should be able to exempt www.peacefire.org from the RBL
> > list, even if they have to list all 253 other IPs in the block separately.
Technically? Yes, it is. It's a violation of our policy, though, so I can't
do so.
I would be willing to help you find other free or reduced cost hosting,
however.
--kelly

How to access sites blocked by AboveNet or TeleGlobe

AboveNet
and
TeleGlobe
are backbone providers; they provide
connectivity to ISP's, which then sell Internet access to
the general public. Your Internet connection may go through
AboveNet or TeleGlobe even if you don't know it, if your ISP
uses AboveNet or TeleGlobe as their backbone provider.

Both AboveNet and TeleGlobe have been blocking their downstream
users from accessing sites that are on their "boycott list";
Peacefire.org is one of the sites that has been blocked.
AboveNet stopped filtering customers' Web access on December
12, 2000, on the same day that the story became public, but
TeleGlobe is still blocking their users.

Peacefire.org is, of course,
already blocked by most blocking software
programs and "family friendly ISP's" because of our instructions
for disabling censorware. Ironically, this time we were not
filtered because of the content on our site, but because we
were located in the same IP address block as some other sites,
such as
http://www.list-sorcerer.com/,
that sell mass mailing list software.

However, most users downstream from
AboveNet or TeleGlobe did not request filtered Internet access
and have no idea that they are blocked from accessing any
Web sites. If you were downstream from one of these providers
and you tried to access a blocked site, you would get a
"Site not responding" message from your browser, leading users
to think that the site was down, and not that it was blocked
by their ISP.

To find out if your Internet connection goes through AboveNet
or TeleGlobe, open a DOS prompt (if you have Windows) and typetracert www.yahoo.com
If you don't see "above.net" or "teleglobe.net" in the output
anywhere, then your Internet access is not filtered by them.